[SECURITY] [DSA 5173-1] linux security update (2/2)

    From Ben Hutchings@1:229/2 to All on Sun Jul 3 18:00:01 2022
    [continued from previous message]

    floppy drive device can exploit this to cause a denial of service
    (crash or memory corruption) or possibly for privilege escalation.

    CVE-2022-1729

    Norbert Slusarek discovered a race condition in the perf subsystem
    which could result in local privilege escalation to root. The
    default settings in Debian prevent exploitation unless more
    permissive settings have been applied in the
    kernel.perf_event_paranoid sysctl.

    CVE-2022-1734

    Duoming Zhou discovered race conditions in the nfcmrvl NFC driver
    that could lead to a use-after-free, double-free or null pointer
    dereference. A local user might be able to exploit these for
    denial of service (crash or memory corruption) or possibly for
    privilege escalation.

    This driver is not enabled in Debian's official kernel
    configurations.

    CVE-2022-1974, CVE-2022-1975

    Duoming Zhou discovered that the NFC netlink interface was
    susceptible to denial of service.

    CVE-2022-2153

    "kangel" reported a flaw in the KVM implementation for x86
    processors which could lead to a null pointer dereference. A local
    user permitted to access /dev/kvm could exploit this to cause a
    denial of service (crash).

    CVE-2022-21123, CVE-2022-21125, CVE-2022-21166

    Various researchers discovered flaws in Intel x86 processors,
    collectively referred to as MMIO Stale Data vulnerabilities.
    These are similar to the previously published Microarchitectural
    Data Sampling (MDS) issues and could be exploited by local users
    to leak sensitive information.

    For some CPUs, the mitigations for these issues require updated
    microcode. An updated intel-microcode package may be provided at
    a later date. The updated CPU microcode may also be available as
    part of a system firmware ("BIOS") update.

    Further information on the mitigation can be found at
    <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html>
    or in the linux-doc-4.19 package.

    CVE-2022-23960

    Researchers at VUSec discovered that the Branch History Buffer in
    Arm processors can be exploited to create information side-
    channels with speculative execution. This issue is similar to
    Spectre variant 2, but requires additional mitigations on some
    processors.

    This was previously mitigated for 32-bit Arm (armel and armhf)
    architectures and is now also mitigated for 64-bit Arm (arm64).

    This can be exploited to obtain sensitive information from a
    different security context, such as from user-space to the kernel,
    or from a KVM guest to the kernel.
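    Added example (not part of this advisory and not Debian's own tooling): a small Python audit that turns the local-exposure facts from the CVE-2022-1729, MMIO Stale Data and Spectre-BHB entries above into a check an administrator can run. It classifies the kernel.perf_event_paranoid value (3 is the Debian default that refuses unprivileged perf_event_open(); the lower levels are the documented upstream ones) and flags any /sys/devices/system/cpu/vulnerabilities/* entry that still reads "Vulnerable" or "Unknown", which is how a host that still needs the microcode update mentioned above shows up. The SAMPLE_* dictionaries are constructed, not captured from a real machine.

```python
"""Local exposure check for the perf_event_paranoid sysctl (CVE-2022-1729)
and the sysfs CPU-vulnerability reports (MMIO Stale Data, Spectre-BHB).
Added example, not part of the advisory; the SAMPLE_* values below are
constructed."""
import os
from typing import Dict, List, Tuple

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"
PARANOID_FILE = "/proc/sys/kernel/perf_event_paranoid"
# Debian's default level; unprivileged perf_event_open() is refused at >= 3.
DEBIAN_DEFAULT_PARANOID = 3


def perf_paranoid_assessment(value: int) -> Tuple[bool, str]:
    """Return (exposed, explanation) for a kernel.perf_event_paranoid value.
    'exposed' means an unprivileged local user may call perf_event_open(),
    which is the precondition the advisory names for CVE-2022-1729."""
    if value >= DEBIAN_DEFAULT_PARANOID:
        return False, "unprivileged perf_event_open() disabled (Debian default)"
    if value == 2:
        return True, "unprivileged user-space profiling allowed (upstream default)"
    if value == 1:
        return True, "unprivileged kernel profiling allowed"
    if value == 0:
        return True, "unprivileged CPU event and raw tracepoint access allowed"
    return True, "no restrictions (-1)"


def parse_vuln_entry(text: str) -> Tuple[str, str]:
    """Split a sysfs vulnerability file body into (state, detail).
    Bodies look like 'Not affected', 'Vulnerable', 'Vulnerable: <why>',
    'Mitigation: <what>' or 'Unknown: <why>'."""
    state, _, detail = text.strip().partition(":")
    return state.strip(), detail.strip()


def needs_attention(entries: Dict[str, str]) -> List[str]:
    """Return, sorted, the names whose report is not 'Not affected' or a
    completed 'Mitigation'. On the MMIO Stale Data issues this is the
    state a CPU shows while it still lacks the updated microcode."""
    flagged = []
    for name, body in entries.items():
        state, _ = parse_vuln_entry(body)
        if state in ("Vulnerable", "Unknown"):
            flagged.append(name)
    return sorted(flagged)


def read_live_vulnerabilities(path: str = VULN_DIR) -> Dict[str, str]:
    """Read every file under the sysfs vulnerabilities directory
    (empty dict if this kernel does not expose it)."""
    result: Dict[str, str] = {}
    if not os.path.isdir(path):
        return result
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name)) as fh:
            result[name] = fh.read()
    return result


def read_perf_paranoid(path: str = PARANOID_FILE) -> int:
    with open(path) as fh:
        return int(fh.read().strip())


# Constructed samples: an Intel host without the microcode update and a
# patched arm64 host. Real data comes from read_live_vulnerabilities().
SAMPLE_INTEL = {
    "mmio_stale_data": "Vulnerable: Clear CPU buffers attempted, no microcode\n",
    "mds": "Mitigation: Clear CPU buffers; SMT vulnerable\n",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, RSB filling\n",
}
SAMPLE_ARM64 = {
    "mmio_stale_data": "Not affected\n",
    "spectre_v2": "Mitigation: CSV2, BHB\n",
}

if __name__ == "__main__":
    try:
        exposed, why = perf_paranoid_assessment(read_perf_paranoid())
        print("perf_event_paranoid:", "EXPOSED" if exposed else "ok", "-", why)
    except OSError as err:
        print("perf_event_paranoid: unreadable:", err)
    live = read_live_vulnerabilities()
    for name in needs_attention(live):
        print("attention:", name, "->", live[name].strip())
```

    Run as root or any user (both files are world-readable); a host that prints nothing under "attention:" and "ok" for the sysctl matches the advisory's default posture.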

    CVE-2022-26490

    Buffer overflows in the STMicroelectronics ST21NFCA core driver
    can result in denial of service or privilege escalation.

    This driver is not enabled in Debian's official kernel
    configurations.

    CVE-2022-27666

    "valis" reported a possible buffer overflow in the IPsec ESP
    transformation code. A local user can take advantage of this flaw
    to cause a denial of service or for privilege escalation.

    CVE-2022-28356

    "Beraphin" discovered that the ANSI/IEEE 802.2 LLC type 2 driver did
    not properly perform reference counting on some error paths. A
    local attacker can take advantage of this flaw to cause a denial
    of service.

    CVE-2022-28388

    A double free vulnerability was discovered in the 8 devices
    USB2CAN interface driver.

    CVE-2022-28389

    A double free vulnerability was discovered in the Microchip CAN
    BUS Analyzer interface driver.

    CVE-2022-28390

    A double free vulnerability was discovered in the EMS CPC-USB/ARM7
    CAN/USB interface driver.

    CVE-2022-29581

    Kyle Zeng discovered a reference-counting bug in the cls_u32
    network classifier which can lead to a use-after-free. A local
    user can exploit this to cause a denial of service (crash or
    memory corruption) or possibly for privilege escalation.

    CVE-2022-30594

    Jann Horn discovered a flaw in the interaction between ptrace and
    seccomp subsystems. A process sandboxed using seccomp() but still
    permitted to use ptrace() could exploit this to remove the seccomp
    restrictions.

    CVE-2022-32250

    Aaron Adams discovered a use-after-free in Netfilter which may
    result in local privilege escalation to root.

    CVE-2022-33981

    Yuan Ming from Tsinghua University reported a race condition in
    the floppy driver involving use of the FDRAWCMD ioctl, which could
    lead to a use-after-free. A local user with access to a floppy
    drive device could exploit this to cause a denial of service
    (crash or memory corruption) or possibly for privilege escalation.
    This ioctl is now disabled by default.

    For the oldstable distribution (buster), these problems have been
    fixed in version 4.19.249-2.
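    Added example, not part of the advisory and not Debian's own tooling: deciding whether a buster host is actually at 4.19.249-2. The comparison re-implements the dpkg version ordering in Python (epoch, then upstream, then revision; '~' sorts before anything including the end of the string, digit runs compare numerically), because a plain string comparison gets 4.19.249 against 4.19.35 wrong. It also reads the package version out of /proc/version, since uname -r only reports the ABI name (4.19.0-<abi>-amd64 style), and checks dpkg-query output for kernel images still below the fixed version. The SAMPLE_* inputs are constructed.

```python
"""Is this Debian kernel at or past the fixed version in the advisory?
Added example; re-implements dpkg's version ordering. Sample inputs are
constructed, not captured from a real host."""
import re
import string
from typing import List, Tuple

FIXED_VERSION = "4.19.249-2"  # buster fix named in DSA 5173-1


def _order(c: str) -> int:
    """Character weight dpkg uses inside non-digit runs."""
    if c in string.digits:
        return 0
    if c in string.ascii_letters:
        return ord(c)
    if c == "~":
        return -1          # '~' sorts before everything, even end of string
    return ord(c) + 256    # other punctuation sorts after letters


def _verrevcmp(a: str, b: str) -> int:
    """dpkg's comparison of one component (upstream or revision)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: character by character, end of string weighs 0.
        while (i < len(a) and a[i] not in string.digits) or (j < len(b) and b[j] not in string.digits):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in string.digits and j < len(b) and b[j] in string.digits:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in string.digits:
            return 1
        if j < len(b) and b[j] in string.digits:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]'; the last '-' starts the revision."""
    epoch = 0
    if ":" in v:
        head, v = v.split(":", 1)
        epoch = int(head)
    upstream, _, revision = v.rpartition("-")
    if not upstream:                     # no '-' at all: everything is upstream
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1, matching dpkg --compare-versions lt / eq / gt."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


def is_fixed(version: str, fixed: str = FIXED_VERSION) -> bool:
    return compare_versions(version, fixed) >= 0


# Debian kernels embed the package version after the build number:
# "... #1 SMP Debian <version> (<date>)". The gcc field also says "Debian",
# so the match is anchored on the "#N" build number.
_PROC_VERSION_RE = re.compile(r"#\d+\s.*?\bDebian (\S+) \(")


def running_kernel_version(proc_version: str) -> str:
    """Package version of the running kernel from a /proc/version line."""
    m = _PROC_VERSION_RE.search(proc_version)
    if not m:
        raise ValueError("not a Debian kernel version string")
    return m.group(1)


def unfixed_packages(dpkg_lines: List[str], fixed: str = FIXED_VERSION) -> List[str]:
    """From 'package version' lines (dpkg-query -W -f='${Package} ${Version}\n'
    'linux-image-*'), return the real image packages below the fixed version.
    Metapackages (linux-image-amd64 etc.) use another version scheme and are skipped."""
    out = []
    for line in dpkg_lines:
        parts = line.split()
        if len(parts) == 2 and re.match(r"linux-image-\d", parts[0]) and not is_fixed(parts[1], fixed):
            out.append(parts[0])
    return out


# Constructed samples (ABI names and dates are illustrative).
SAMPLE_PROC_VERSION = ("Linux version 4.19.0-21-amd64 (debian-kernel@lists.debian.org) "
                       "(gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.249-2 (2022-07-01)")
SAMPLE_DPKG = [
    "linux-image-4.19.0-20-amd64 4.19.235-1",
    "linux-image-4.19.0-21-amd64 4.19.249-2",
    "linux-image-amd64 4.19+105+deb10u16",
]

if __name__ == "__main__":
    with open("/proc/version") as fh:
        running = running_kernel_version(fh.read())
    print("running:", running, "fixed" if is_fixed(running) else "NOT fixed (reboot or upgrade)")
```

    The split between installed and running matters: after the upgrade, dpkg shows 4.19.249-2 while /proc/version still reports the old version until the host reboots, so both checks are needed before closing the finding.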

    Due to an issue in the signing service (Cf. Debian bug #1012741),
    the vport-vxlan module cannot be loaded for the signed kernel for
    amd64 in this update.

    This update also corrects a regression in the network scheduler
    subsystem (bug #1013299).

    For the 32-bit Arm (armel and armhf) architectures, this update
    enables optimised implementations of several cryptographic and CRC
    algorithms. For at least AES, this should remove a timing side-
    channel that could lead to a leak of sensitive information.

    This update includes many more bug fixes from stable updates
    4.19.236-4.19.249 inclusive, including for bug #1006346. The random
    driver has been backported from Linux 5.19, fixing numerous
    performance and correctness issues. Some changes will be visible:

    - The entropy pool size is now 256 bits instead of 4096. You may need
    to adjust the configuration of system monitoring or user-space
    entropy gathering services to allow for this.

    - On systems without a hardware RNG, the kernel may log more uses of
    /dev/urandom before it is fully initialised. These uses were
    previously under-counted and this is not a regression.

    We recommend that you upgrade your linux packages.

    For the detailed security status of linux please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/linux

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmLBuTxfFIAAAAAALgAo
    aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
    NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
    z0TdzQ//Yxq7eTZmPsDVvj1ArPIDwE4w/CPyoYeXiiSBhWD4ueYAvWp3moPmUZmc
    a6is1JkP8MILLekkeAUJQjaxjHOn+kWIlfV7ZLJ7fzTrVjkHoQvzs8a8mv85ybaD
    sfQlVuEA7VPxfJI/4/31fIAuTPy1S+qd3r6qtESL2IQdZPFS8SOHwZrTt9DPGXhl
    XtY3XNm4fysgRmtDYNpqndluVXeTc39bXe9YBRG1bTdrI9QCTykSx2/HeZDOBiMQ
    Wb7cjXAUoy0q3c5QncTcqtgN3ax549qx/1oGZGXDlycZFOIE8vHMY3FyBXXURPz4
    JgKkSf+NR87aeDi2SREjOm0CIp/laSc1VFxpf0TTT51kuPWhXzsleZ23eN2po106
    UTyDFsNtNToHgoDpPFA/3GsioqirzbwwVUs0qKDeFdC1VZjJ5H+1JzO4JPbWGOTo
    rtoz64JHU9oIA3OJs3rYpgIphd6fzUfia89tuflE5/MkeAWSVP7f0rpUgGQy8gzw
    TdsN4p7aCLhQezMpFVKADIB1WfkBtXncDrPC//pxxnRZuu2efrlYv6se+dnOJM9/
    WeDSm4hsi6u+MH7DBmVhDgjF/gatSbejud8rXYUcVKZArraj9k9rCArxcVKmJHMr
    6teKhjSMX1B27AUJtTqSU1eEmErxbA+yEHCSEOW+8JNnLQZWDSI=
    =j1cH
    -----END PGP SIGNATURE-----
